Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-06-2024 20:49
General
-
Target
006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
-
Size
36KB
-
MD5
006f370d71f60e4f449565d64c67ab37
-
SHA1
247a478b05869606455f62f7e4fc9410684d0b54
-
SHA256
97fa4860ddfd62eae525d2d021f026d85b361bf0f3220598a35b5f4c16db1ea8
-
SHA512
620d7ab8d3407529a917daa27e16b36a88c3d4228011bfc74292cc97614ff6d328ab7943bbe4bce60610398fcf61b49fce533c083ee54df206b2bde9dcfbefe0
-
SSDEEP
768:dCs1VT4DmmGWFW4ckEC9vpCnY9m6y+nHVNxo1HDDme:d1TClGi1cOVM3Axo1HDN
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dllFilesize
25KB
MD54f295581caf2904699cdd4fced41c810
SHA198d1e85ea54d42d08bca6f78ceaa98b8ad947039
SHA256e0aa03a2e84c19d1acdbd83f5ba3ed80aff9a3321ddd2ec9c2bf7ecf284f6c4a
SHA512260a22f71df19ea650a11be59a6c5eb9b0f1196e57b3dae0d14c7ae9db56b837771380893b3ee1beaa9114dfed34664ec4210cd31d0bba19fbe74ded4da11eab
-
memory/2040-0-0x0000000000400000-0x0000000000425000-memory.dmpFilesize
148KB
-
memory/2040-5-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2040-4-0x0000000000220000-0x000000000023F000-memory.dmpFilesize
124KB
-
memory/2040-6-0x0000000000400000-0x0000000000425000-memory.dmpFilesize
148KB
-
memory/2040-7-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB